Outcomes - Selected Case Summaries
Categories
Medical clinic inadvertently sends health records to the Health Practice Board
Decisions | 08 June 2023
A medical office erroneously sent an email containing health records accompanying a doctor's application to the Health Practice Board (HPB). The doctor was informed about the breach and the administrative officer conducted a message recall and requested that recipients delete the email.
After we were notified, we noted that the recall report proved unsuccessful and that the responses to an email request for HPB recipients to delete the email did not indicate all users had deleted the email. Upon our prompting, the data controller asked for, and received, further confirmations of deletion by the remaining HPB users. The medical office was directed to our website for further guidance on responding to a personal data breach.